FortiGate Out of Sync after device updates CRL
I've configured a pair of FortiGate 81E firewalls into a HA cluster, and I use them to terminate a set of auto-detect IPSEC tunnels. To improve security, I use PKI to authenticate the tunnels, and I have configured the firewalls to download CRL updates using HTTP. The firewalls currently run FortiOS 5.6.5, and FortiManager is 6.0.2.
Unfortunately, when the firewalls update the CRL, it causes them to register as Out of Sync in FortiManager.
Is there a way to prevent this?